2008-04-09

Someone's finally listening

When a hospital computer gets compromised, the privacy of a person's health records is at risk of theft. When a bank is compromised, people stand to lose money through fraud.

When defense department computers are compromised, information about the tactics and technologies used to defend our country can be lost. For years, major defense contractors have been jumping up and down, waving our hands, trying to tell the US Government that we have a major problem: compromises of unclassified systems that have the potential to impact national security. And let there be no mistake: regardless of your feelings on the subject, the lines between the networks and staff of the DoD and the defense industrial base are blurred. A compromise of one likely means a compromise of the other, and vice versa. We sit next to each other in operations centers. We build next-generation technology side-by-side.

It seems that, along with the injection of billions of dollars from a presidential directive, someone is finally starting to pay attention. Naturally, this is being presented as their idea, but whatever - the important point is that it gets addressed.

A choice quote:
The government needs the "best and brightest" from Silicon Valley and elsewhere in the private sector to work on creating an advanced warning system to prevent such cyberattacks.

The best & brightest in the DIB have been trying to help the government for years. If this means they will finally start listening (as an institution - to date collaboration has been at more of a professional than organizational level), then I welcome the change. If this means DHS will begin looking for a silver bullet to every security problem, or engaging in more security theater like that which we see at airports, then I am loath to think what this could mean. I can only imagine FTP becoming illegal over IP because an adversary stole sensitive military technology from a compromised system via that protocol. Laughable, yes, but this is a direct parallel to the approach taken in matters of airport security. We need something more than theater and throwing money at snake oil.

The important question is now: can the DHS, which has failed over its 6 years in many of its most important tasks (see also: Katrina), and the NSA, still notorious amongst the intel community for being unwilling to share data, accomplish this task? Let's hope so.
